Changelog

We've released a fix to the deployment instructions for the supabase-grafana monitoring application.

If you're ingesting the metrics endpoint into your pre-existing managed infrastructure without using the supabase-grafana app, this change does not affect you. If you're running the supabase-grafana app using the docker-compose mechanism, you are also not affected.

Fly applications launched off the repository between December 10, 2023, and May 16, 2024 are impacted, and will experience:

• Fly application being shut down after periods of inactivity of a few minutes (default Fly.io behaviour)
• Historical data will not be persisted after such a shutdown

The fix to the deployment instructions ensures that a persistent volume is created to store the data on, which prevents loss in case of a machine shutdown or restart. Additionally, autoshutdown behaviour is disabled, in order to prevent the app from being paused due to inactivity.

In order to fix an existing, already deployed Fly application, you can edit its configuration to disable auto_stop_machines, and create a persistent volume, and mount it at /data (similar to the updated deployment instructions). Please note that as the newly created persistent volume will be empty to start, any existing metrics data will not be preserved as part of this change. If doing so is necessary, you can initially mount it at a separate path, copy the data over, and finally mount it at /data.

If you need further help, please reach out to Support via https://supabase.help

Conversational AI assistant in the SQL Editor#

This was previously behind a feature flag but we're now making this available by default, which will replace the existing single prompt UI that you saw previously at the top of the SQL editor. Once again, thank you all so much for the feedback that you've left us - we really appreciate them and they definitely do help in guiding us towards the ideal dashboard experience for everyone. 🙂🙏

We're also aware that the feature preview functionality is missing in the local set up - rest assured we're looking into it and hope to get a fix out soon for everyone!

PR: https://github.com/supabase/supabase/pull/23142

Link: https://supabase.com/dashboard/project/_/sql

A step towards slightly more contextual error messages#

A topic that came up in one of our discussions internally was regarding self-serviceability, and we realised that our error messages could do a much better job than just informing users what the error is about - especially when their errors from Postgres directly and the messages could be slightly cryptic for those not familiar with Postgres (yet 😉). The PR linked here is just a small idea and example for what we plan to do with error messages in the future, by giving users more context about the errors like possible solutions and links to relevant documentation. Hopefully this will make using the dashboard slightly more easier 🙂

PR: https://github.com/supabase/supabase/pull/23135

Link: https://supabase.com/dashboard/project/_/editor

Other improvements and bug fixes#

Branching

• Disable branch reset while branch is initializing (PR)

Database

• Allow searching for schema and tables when creating indexes (PR)
• Allow SQL language for writing database functions (PR)

Here’s everything we shipped during our GA week:

Day 1 - Supabase is officially launching into General Availability (GA)#

Supabase has moved to General Availability (GA) with over 1 million databases under management and over 2,500 databases launched daily. We’ve been production ready for years and now we are fully confident that we can help every customer become successful, from weekend projects to enterprise initiatives at organizations like Mozilla, 1Password, and PwC.

Full announcement | Video announcement | X space

Day 2 - Supabase Functions now supports AI models#

Supabase Functions has added a native API that makes it easy to run AI models within your functions while removing nasty cold starts. You can use the gte-small embedding model to generate text embeddings or bring your own Ollama server to tap into many more embedding models and Large Language Models (LLMs) like Llama3 and Mistral. Soon we’ll provide hosted Ollama servers so you won’t have to manage them yourselves for a more seamless experience.

Blog post | Video announcement | X space

Day 3 - Supabase Auth now supports Anonymous sign-ins#

Supabase Auth heard your requests and went to work building anonymous sign-ins which enable you to create temporary users that have yet to sign up for your application. This lowers the friction for visitors to use your application while making it easy to convert them to permanent users once they’re hooked.

Blog post | Video announcement | X space

Day 4 - Supabase Storage now supports the S3 protocol#

Supabase Storage already has standard and resumable uploads and now supports the industry standard S3 protocol enabling multipart upload and compatibility with a myriad of tools such as AWS CLI, Clickhouse, and Airbyte for a wide array of use cases.

Blog post | Video announcement | X space

Day 5 - Supabase Security & Performance Advisor#

Supabase has managed over 1 million databases over the last four years and has seen all manner of use cases with common pitfalls that we’re helping our customers address with our Security, Performance, and Index Advisors. These Advisors will help to surface and fix insecure database configurations and recommend database and query optimizations to keep your database secure and performant for your mission critical workloads.

Blog post | Video announcement | X space

GA Week Hackathon Winners#

We are delighted that so many high quality projects were submitted but in the end there could only be one Best Overall Project. The decision wasn’t easy but the Supabase panel of judges chose vdbs (vision database SQL) for the honorific. Congratulations 👏 to @xavimonp who will receive the prize of Apple AirPods.

Full list of winners | All the submissions

One more thing from GA Week#

Just kidding, there’s always more than one. Here’s more awesome things we shipped:

• Supabase on the AWS Marketplace
• Database branching is now Publicly Available
• Supabase Bootstrap: the fastest way to launch a new project
• Supabase Swift officially supported
• Oriole, table storage extension for Postgres, joins Supabase
• Fly Postgres, a managed offering from Supabase, is available to everyone for testing
• Supabase GA Week meetups in 27 cities around the world
• Join our upcoming Meetup in SF at the a16z office with friends from Ollama and Fly.io

Community Highlights#

• Changing Databases 5 Times in 48 Hours Boosted Our Launch to 35,000 Views [Article]
• Crazy new Supabase feature: Understand and learn about anonymous users [Video]
• Support unstructured data in Postgres with JSON columns [Video]
• Build an AI-powered blogging platform (Next.js, Langchain & CopilotKit) [Article]
• How to Secure Your Supabase Database and Storage [Blog post]
• Self-host Protomaps PMTiles on Supabase Storage [Video]
• Supabase Realtime - How to deal with multiplayers in Next.js [Blog post]
• The Hard Parts of Building an Application, Made Easy with Supabase [Article]

You can now use JSR packages in your Edge Functions. JSR is a modern package registry for JavaScript and TypeScript created by the Deno team. With JSR support, you can use the latest versions of popular Deno packages like Oak.

How to use:

For local development, you will need to update Supabase CLI for the version v1.166.1 or above.

Edge Functions also supports using NPM and deno.land/x packages. If you are already using them, no changes are needed.

Other improvements and bug fixes#

We've been focusing on improving existing features on the dashboard and fixing some issues over the past week, so while we've got nothing shiny to shout out about, here's still a list of things that we've shipped! 🙂 As always, feel free to let us know if there's something that you guys really want to see in the dashboard - we'll see how we can make it happen 😉

General

• Feedback widget will not clear its contents when closing until explicitly cleared or submitted [PR]

Table Editor

• Reinstate link button for foreign keys in table editor side panel [PR]
• Fix creating foreign key on new column after changing column's name [PR]

SQL Editor

• Set column width of results to be relative to column content length [PR]

Authentication

• Added Create policy CTA under each table for convenience [PR]

Storage

• Added file size validation against project's upload limit when uploading files in dashboard [PR]

Database

• Query performance: Fix searching via role and query [PR]
• Query performance: Add db inspect docs link for visibility to aid in helping identify potential Postgres issues [PR]
• Enumerated types: clean up form field when reopening create enumerated type panel [PR]
• Tables: Add ellipses to table descriptions to prevent odd wrapping for long descriptions [PR]

Supabase GA Week just wrapped up but the shipping doesn't! This just summarises what have been shipped over the last week - and more 😉

Auth support for anonymous sign-ins#

Supabase Auth now supports anonymous sign-ins, which can be used to create temporary users who haven’t signed up for your application yet! This lowers the friction for new users to try out your product since they don’t have to provide any signup credentials.

Read more about this here

PR: https://github.com/supabase/supabase/issues/21813

Link: https://supabase.com/dashboard/project/_/settings/auth

Storage support for S3 protocol#

Supabase Storage is now officially an S3-Compatible Storage Provider, and now you can use any S3 client to interact with your buckets and files: upload with TUS, serve them with REST, and manage them with the S3 protocol.

Read more about this here

PR: https://github.com/supabase/supabase/issues/22620

Link: http://supabase.com/dashboard/project/_/settings/storage

3 new advisors to your database#

We've added a Security Advisor, a Performance Advisor and a bonus Index Advisor as tools that can help improve your database, more specifically:

• Security Advisor: for detecting insecure database configuration
• Performance Advisor: for suggesting database optimizations
• Index Advisor: for suggesting indexes on slow-running queries

Read more about them here!

PR: https://github.com/supabase/supabase/issues/22842

Link: http://supabase.com/dashboard/project/_/database/security-advisor

4 new database foreign data wrappers#

We've added support for data wrappers with Auth0, Cognito, Microsoft SQL Server, and Redis! Connect to these external data sources and query them directly from your database.

PR: https://github.com/supabase/supabase/pull/22289

Link: https://supabase.com/dashboard/project/_/database/wrappers

Updating of some projects pages to more appropriate sections#

We've renamed and shifted a couple of pages within a project to sections which we believe are more appropriate and relevant. These include:

• Column Priveleges: Shifted from Auth section to Database section
• Database Replications: Renamed to Publications within the Database section
• Query Performance Reports: Shifted from Reports section to Database section

We've also added more appropriate sections within the Database section in hopes to make things easier to find!

PR: https://github.com/supabase/supabase/issues/22835

Link: https://supabase.com/dashboard/project/_

An option to submit a request to delete your account#

If comes the day that you'd no longer want to use Supabase anymore (hopefully not!) and want to be removed from our systems entirely, feel free to submit a request to delete your account through the account preferences page.

PR: https://github.com/supabase/supabase/pull/22486

Link: [https://supabase.com/dashboard/account/me](https://supabase.com/dashboard/account/me

Other improvements and bug fixes#

General

• Added project connection instructions for Vite [PR]

Join us for a Special Announcement April 15-19#

We’re making a Special Announcement on April 15th with a few more surprises throughout the week. Claim your ticket today so you don’t miss out and enter for a chance to win a set of AirPods Max.

Claim your ticket

Increased Supavisor connection pooler limits#

We’ve increased the Supavisor client connection limits, the number of concurrent clients that can connect to your project’s pooler, for projects on Small, Medium, Large, and XL compute instances while pricing remains unchanged.

Announcement

Conversational AI assistant now available in SQL Editor#

Introducing a conversational AI assistant in the SQL Editor to help you write and iterate on your queries. This is currently under a feature preview and can be enabled with instructions here.

Announcement

Supavisor pooler port 6543 is transaction-mode only#

We’re simplifying Supavisor connection pooler ports and modes so that port 6543 is only transaction mode and port 5432 continues to be only session mode. If you have pool mode set to session we recommend you switch to pooler port 5432 and set the mode to transaction.

Pull request

Migration to v2 platform architecture#

You may have noticed improved performance from your database over the last couple of weeks. We made some architectural changes to free up resources for your Postgres instance by removing Storage, Realtime, and Pgbouncer from your instance and each are replaced with an equivalent multi-tenant solution, including our new Supavisor connection pooler.

Announcement

Implementing semantic image search with Amazon Bedrock and Supabase Vector#

In this post we'll be creating a Python project to implement semantic image search featuring Amazon Bedrock and Amazon Titan’s multimodal model to embed images and Supabase Vecs client library for managing embeddings in your Supabase database with the pgvector extension.

Blog post

Quick Product Announcements#

• [Postgres Tooling] vector (pgvector) upgraded to v0.6.2 enables faster HNSW index builds using more parallel workers [Commit]
• [Postgres Tooling] pg_cron upgraded to v1.6.2 enables sub-minute schedules [Pull request]

Made With Supabase#

• location-tRacer - Supabase Realtime live location sharing app [GitHub]
• Talk to your docs - An example agent providing help on your GitHub documentation [GitHub]
• Feedbase - Open-source solution for collecting feedback & communicating updates [GitHub]
• Wacky Wordcraft - Create wacky stories with some help from AI [Twitter]
• Capgo - Instant updates for Capacitor apps. Ship updates, fixes, changes, and features within minutes [Website]

Community Highlights#

• Building an Investor List App with Novu and Supabase [Blog post]
• 3 reasons you should use Postgres Functions and Transactions [Video]
• Add image support to Flutter web application with Supabase Storage [Video]
• How to set up a secure Supabase project [Blog post]
• Dynamic Role and Permission Management in Supabase: Enhancing Security and Flexibility [Blog post]
• Simulate Supabase Postgres RLS (Row Level Security) [Blog post]
• Monitor Supabase databases and Edge Functions [Blog post]

Update#

Discussion has been updated with solution chosen.

Realtime Authorization for Broadcast and Presence is now available in Public Beta.

See the official documentation.

Overview#

This post explains how authorization works for Realtime Broadcast and Realtime Presence.

This allows you (the developer) to control access to Realtime Channels. We use Postgres Row Level Security to manage access. Developers create Policies which allow or deny access for your users.

Usage#

Creating Realtime Policies#

Using Studio’s SQL editor you can set RLS rules against the table realtime.messages which will define the rules for your users.

Since you are using RLS policies you can do more complex examples.

In a scenario where you have a schema with a table for rooms and one that creates an association between rooms and users.

We'll use this example schema to be showcase RLS policies limiting Realtime functionality

We can build more complex RLS rules using this information:

Testing Authorization#

Now to test it we can use a quick deno script by creating a index.ts

This will return an error with the message You do not have permissions to read from this Topic

But if we change our code to pass along an authenticated user, then we will be able to connect and receive / send messages.

Do not forget that RLS policies can use other tables in them so this will give you all the flexibility you need to better fit your use case but be aware of the performance impact of heavy RLS queries or non-indexed fields.

Migrating from Public Channels#

On connect, you need to send in the configuration that the channel will be private: true

Client library#

We’re working on the next version actively so we can provide a good developer experience.

Please check the latest next version at https://www.npmjs.com/package/@supabase/realtime-js?activeTab=versions

This library as changed the configuration settings to add private: true on channel connect to determine if the user will be connecting an RLS checked channel.

How it works#

Connection context#

When you connect with Realtime we set a connection configuration with your JWT, Topic and Headers using the following query:

This query is only run when you connect to a topic.

We’re also providing a new function to easily fetch the realtime.topic configuration with

Applying RLS Policies#

To achieve RLS checks on your Realtime connection we created a new table in the realtime schema to which you will be able to write RLS rules against it to control your topics extensions.

You won’t see any entries recorded in this table as we rollback the changes made to test out RLS policies to avoid creating clutter in your database.

Supavisor, Supabase's multi-tenant connection pooler deployed to regional clusters, became production ready back in December 2023. You can read the announcement here.

Since then, we've migrated Supabase projects from PgBouncer, single tenant connection pooler deployed to the project's instance, to Supavisor.

However, we kept the previous client connection limits from PgBouncer during the transition across all compute instances.

Today, we're happy to announce that we've increased this limit for compute instances Small, Medium, Large, and XL so your projects can take advantage of additional client connections while pricing remains unchanged. These new limits have already been applied to all existing projects and any new projects spun up.

Here's a quick breakdown:

For a more complete breakdown of your compute instance resources head over to the Compute Add-ons page.

Update to the UI for RLS policies#

We've been looking into improving the UX for the RLS policy UI after going through feedback of the community's struggles with RLS in general, and this is the next step that we're taking to streamline the UX.

What we're calling as a "hybrid" editor (for now), you'll be able to see the corresponding SQL query for creating or updating your RLS policies while you're editing the policy via the input fields. And if you'd like even greater control, there's always the "Open in SQL Editor" button as an escape hatch where you can edit the SQL query in its entirety.

Templates are now right beside the editor as well, so you no longer have to click back and forth between templates and the editor.

We've always seen the dashboard as more than just a database adminstration tool, but also potentially an educational platform for developers to pick up the SQL language as they build out their database, and we hope that the changes here will help make that even easier.

PR: https://github.com/supabase/supabase/pull/21806

Link: https://supabase.com/dashboard/project/_/auth/policies

Connection pooler on port 6543 is set to transaction mode permanently#

Previously, connection pooler's port 6543 can be set to either transaction or session mode under your project's database settings. This change makes it easier to distinguish between pooler modes and ports by only enabling transaction mode on port 6543 while maintaining session mode on port 5432.

If your using port 6543 and your project's pooler mode is transaction then you won't be able to set the mode to session. You can use port 5432 for session mode.

If your using port 6543 and your project's pooler mode is session then we strongly advise that you use port 5432 for session mode and change the mode to transaction. Once this setting is saved you won't be able to set session mode on port 6543.

PR: https://github.com/supabase/supabase/pull/22150

Link: https://supabase.com/dashboard/project/_/settings/database#connection-pooler

Other improvements and bug fixes#

[General]

• Home page connect modal fix broken link under pooler mode to Database Settings [PR]
• Fix toast messages to handle really long messages, and support closing them in such scenarios [PR]

[Auth]

• Fix applying table privileges to incorrect table if there any more than 1 table with the same name in different schemas [PR]

[Table Editor]

• Prevent updating RLS via GUI for tables under protected schemas [PR]
• Support updating column "is unique" when editing table in side panel [PR]
• Fix support NULL values when importing data via CSV text [PR]
• Ensure that table and column names are trimmed for whitespaces when saving [PR]

[Storage Explorer]

• Fix delete bucket modal styling when bucket name is long [PR]
• Fix deleting parent folder not deleting child folders despite child folders being empty [PR]

[Database Pages]

• Fix inability to manage foreign keys [PR]
• Validate enumerated types to ensure names do not conflict with native PG data type names [PR]
• Validate enumerated types to ensure names do not conflict with native PG data type names [PR]
• Fix Stripe foreign data wrapper to support selecting a rowid_column, addresses the issue of not being able to update stripe foreign tables [PR]

Launch week, Storage, Supabase CLI, Connection Pooling, Supabase UI, and Pricing. Here's what we released last month.

This is also available as a blog post and a video demo.

Supabase Storage#

Need to store images, audio, and video clips? Well now you can do it on Supabase Storage. It's backed by S3 and our new OSS storage API written in Fastify and Typescript. Read the full blog post.

Connection Pooling#

The Supabase API already handles Connection Pooling, but if you're connecting to your database directly (for example, with Prisma) we now bundle PgBouncer. Read the full blog post.

React UI Component Library#

We open sourced our internal UI component library, so that anyone can use and contribute to the Supabase aesthetic. It lives at ui.supabase.io . It was also the #1 Product of the Day on Product Hunt.

CLI#

Now you can run Supabase locally in the terminal with supabase start. We have done some preliminary work on diff-based schema migrations, and added some new tooling for self-hosting Supabase with Docker. Blog post here.

OAuth Scopes#

Thanks to a comunity contribution (@_mateomorris and @Beamanator), Supabase Auth now includes OAuth scopes. These allow you to request elevated access during login. For example, you may want to request access to a list of Repositories when users log in with GitHub. Check out the Documentation.

Kaizen#

• You can now manage your PostgREST configuration inside the Dashboard.
• Our website has been redesigned. Check out our new Homepage and Blog, and our new Database, Auth, and Storage product pages.
• We refactored some of our Filter methods to make them even easier to use. Check out the Full Text Search refactor.
• We have added several new sections to our Docs including: Local Dev, Self Hosting, and Postgres Reference docs (all still under development).

Supabase is an open source Firebase alternative. We've now been building for one year. Here's what we released last month.

This is also available as a blog post and a video demo.

Dashboard Sidebars#

We've improved the UX of our Dashboard with sidebars in every section, including the Table view, the Auth section, and the SQL Editor.

SQL Autocomplete#

Writing SQL just got 10x easier. We added autocomplete to the SQL editor, including table & column suggestions.

Auth Redirects#

Redirect your users to specific route within your site on signIn() and signUp().

Learning Resources#

We've released a new Resources section in our docs, as well as two new Auth modules: GoTrue Overview and Google OAuth.

New Region#

Launch your database in South Africa.

Kaizen#

• We filled up our Examples page with a lot of new content.
• We released a Docker Compose file for running Supabase locally. This will be used in our upcoming CLI.
• We have a couple of pending RFCs which you may want to participate in:
  • Planning our CLI and Local Development
  • Connection Pooling on Supabase

New year, new features. We've been busy at Supabase during January and our community has been even busier. Here's a few things you'll find interesting.

This is also available as a blog post and a video demo.

Count functionality#

Anyone who has worked with Firebase long enough has become frustrated over the lack of count functionality. This isn't a problem with PostgreSQL! Our libraries now have support for PostgREST's exact, planned, and estimated counts. A massive thanks to @dshukertjr for this adding support to our client library.

New Auth Providers#

We enabled 2 new Auth providers - Facebook and Azure. Thanks to @Levet for the Azure plugin, and once again to Netlify's amazing work with GoTrue to implement Facebook.

Auth Audit Trail#

We have exposed the audit trail directly in the dashboard, as well as the GoTrue logs. Great for security and debugging.

Auth UI widget#

In case our Auth endpoints aren't easy enough already, we've built a React Auth Widget for you to drop into your app and to get up-and-running in minutes.

New auth.email() function#

We added a helper function for extracting the logged in user's email address.

New Regions#

Launch your database in London or Sydney!

Copy rows as Markdown#

You can now copy SQL results as Markdown - super useful for adding to blogs and issues.

React server components#

If you're excited by React Server components then check out the Supabase + Server Components experimental repo. https://github.com/supabase/next-server-components

Learn#

We know that Auth can be a bit daunting when you're just starting out, so we have created some intro videos to get you up to speed in no time:

• Supabase Auth Deep Dive Part 1: JWTs
• Supabase Auth Deep Dive Part 2: Restrict Table Access
• Supabase Auth Deep Dive Part 3: User Based Access Policies

Kaizen#

• Performance: We migrated all of our subdomains to Route53, implementing custom Let's Encrypt certs for your APIs. As a result, our read benchmarks are measuring up 12% faster.
• Performance: We upgrade your databases to the new GP3 storage for faster and more consistent throughput.

After 10 hectic months of building, Supabase is now in Beta.

This is also available as a blog post and a video demo.

Supabase is now in Beta#

We spent months working on Performance, Security, and Reliability. Read more on our Beta Page.

Improve your docs inline#

Add comments and descriptions to your Tables directly from our auto-generated docs.

Table View now has realtime changes#

Any updates that happen to your database are reflected in the Table View immediately.

Table Pagination#

Our table view now has pagination - better for working with large data sets.

Supabase raised a Seed Round#

We raised $6M from Y Combinator, Mozilla, and Coatue. You can read more on TechCrunch.

Kaizen#

• Supabase is now 26% faster in regions which support Graviton (1460 reqs/s up from 1167 reqs/s)
• We launched a new region in Sao Paulo.
• Postgres Array Support. You can now edit Native Postgres array items in the grid editor or the side panel.
• We added better support for your custom Database Types.
• Fixed some buggy keyboard commands. We're continuously improving key commands in the Table editor.